evolve
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions explicitly enforce a 'FULLY AUTONOMOUS' mode, directing the agent to 'Do NOT ask the user anything'. This configuration removes human oversight from the loop, delegating decision-making to the model based on its instructions.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its automated ingestion of external data. 1. Ingestion points: Data is pulled from .agents/rpi/next-work.jsonl, .agents/learnings/, GOALS.yaml, and PROGRAM.md. 2. Boundary markers: The skill lacks explicit delimiters or warnings to ignore instructions embedded within the harvested work items. 3. Capability inventory: The agent can execute shell scripts, manipulate the git repository, and invoke other powerful skills (/rpi, /crank). 4. Sanitization: There is no documented sanitization or validation of the work items before they are passed as titles or arguments to tools.
- [COMMAND_EXECUTION]: The skill uses various local shell scripts (e.g., scripts/evolve-measure-fitness.sh, scripts/evolve-update-session-state.sh) and system utilities like git, jq, and awk to manage the autonomous loop and its state.
- [SAFE]: Robust safety features are present, including a tiered kill-switch system (KILL, STOP, and DORMANT files), mandatory regression testing with auto-revert functionality, and an oscillation detector that quarantines failing goals to prevent infinite loops.
Audit Metadata